Researchers recently revealed that a data cluster with 20 million Russian citizens’ tax records has not set any security measures, and users can view the information through the public network. The information revealed during the incident included the taxpayer’s name, address, residency status, passport number, telephone number, tax ID, employer’s name and telephone number, and tax amount.
It is understood that this AWS Elasticsearch data cluster consists of multiple databases, two of which have tax and personal information for Russian citizens: one data inventory has 14 million tax records between 2010 and 2016, and the other has 6 million tax records between 2009 and 2015. Affected Russian citizens live in Moscow and surrounding areas.
“We cannot determine whether anyone else accessed the data while it was exposed,” the researchers say. “We could only determine that the owner is in Ukraine and know little more about the party responsible.” The data cluster is currently disconnected from the public network.